CVE-2025-48809

CVE-2025-48809 corresponds to a Windows Secure Kernel Mode information disclosure vulnerability in the Windows kernel. Publicly cited description states that a processor optimization removal or modification of security-critical code in the Windows Kernel can allow an authorized local attacker to ...

CVE-2025-26636

CVE-2025-26636 is a Windows Kernel information-disclosure vulnerability caused by processor optimization that removes or modifies security-sensitive code, enabling an authorized local attacker to disclose information. Connected sources confirm the issue affects Windows Kernel components and is ad...

Windows Secure Kernel Mode Information Disclosure Vulnerability

Processor optimization removal or modification of security-critical code in Windows Kernel allows an authorized attacker to disclose information locally...

OSV-2025-534 Heap-use-after-free in ih264_inter_pred_luma_horz_ssse3

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=428771938 Crash type: Heap-use-after-free READ 16 Crash state: ih264interpredlumahorzssse3 ih264dmotioncompensatemp isvcddecoderecontfrnmbnonbaselyr...

PT-2025-28541 · Microsoft · Windows Kernel +1

Name of the Vulnerable Software and Affected Versions: Windows Kernel affected versions not specified Description: The issue allows an authorized attacker to disclose information locally by removing or modifying security-critical code in the Windows Kernel through processor optimization...

PT-2025-28505 · Microsoft · Windows Kernel +1

Name of the Vulnerable Software and Affected Versions: Windows Kernel affected versions not specified Description: The issue allows an authorized attacker to disclose information locally by removing or modifying security-critical code in the Windows Kernel through processor optimization...

LIFT: Automating Symbolic Execution Optimization with Large Language Models for AI Networks

Dynamic Symbolic Execution DSE is a key technique in program analysis, widely used in software testing, vulnerability discovery, and formal verification. In distributed AI systems, DSE plays a crucial role in identifying hard-to-detect bugs, especially those arising from complex network...

Compiler Optimization Removal or Modification of Security-critical Code

Overview Affected versions of this package are vulnerable to Compiler Optimization Removal or Modification of Security-critical Code due to a race condition in AESNI detection when certain compiler optimizations are applied. An attacker can extract sensitive cryptographic keys or perform...

LoRAShield: Data-Free Editing Alignment for Secure Personalized LoRA Sharing

The proliferation of Low-Rank Adaptation LoRA models has democratized personalized text-to-image generation, enabling users to share lightweight models e.g., personal portraits on platforms like Civitai and Liblib. However, this "share-and-play" ecosystem introduces critical risks: benign LoRAs c...

SPA: Towards More Stealth and Persistent Backdoor Attacks in Federated Learning

Federated Learning FL has emerged as a leading paradigm for privacy-preserving distributed machine learning, yet the distributed nature of FL introduces unique security challenges, notably the threat of backdoor attacks. Existing backdoor strategies predominantly rely on end-to-end label...

[SECURITY] Fedora 42 Update: optipng-7.9.1-1.fc42

OptiPNG is a PNG optimizer that recompresses image files to a smaller size, without losing any information. This program also converts external formats BMP, GIF, PNM and TIFF to optimized PNG, and performs PNG integrity checks and corrections...

How AI-Enabled Workflow Automation Can Help SOCs Reduce Burnout

It sure is a hard time to be a SOC analyst. Every day, they are expected to solve high-consequence problems with half the data and twice the pressure. Analysts are overwhelmed—not just by threats, but by the systems and processes in place that are meant to help them respond. Tooling is fragmented...

Security Assessment of DeepSeek and GPT Series Models against Jailbreak Attacks

The widespread deployment of large language models LLMs has raised critical concerns over their vulnerability to jailbreak attacks, i.e., adversarial prompts that bypass alignment mechanisms and elicit harmful or policy-violating outputs. While proprietary models like GPT-4 have undergone extensi...

IDOL: Improved Different Optimization Levels Testing for Solidity Compilers

As blockchain technology continues to evolve and mature, smart contracts have become a key driving force behind the digitization and automation of transactions. Smart contracts greatly simplify and refine the traditional business transaction processes, and thus have had a profound impact on vario...

Cut Tracing with E-Graphs for Boolean FHE Circuit Synthesis

Fully Homomorphic Encryption FHE is a promising privacy-preserving technology enabling secure computation over encrypted data. A major limitation of current FHE schemes is their high runtime overhead. As a result, automatic optimization of circuits describing FHE computation has garnered...

Smart-LLaMA-DPO: Reinforced Large Language Model for Explainable Smart Contract Vulnerability Detection

Smart contract vulnerability detection remains a major challenge in blockchain security. Existing vulnerability detection methods face two main issues: 1 Existing datasets lack comprehensive coverage and high-quality explanations for preference learning. 2 Large language models LLMs often struggl...

Secure Time-Modulated Intelligent Reflecting Surface via Generative Flow Networks

We propose a novel directional modulation DM design for OFDM transmitters aided by a time-modulated intelligent reflecting surface TM-IRS. The TM-IRS is configured to preserve the integrity of transmitted signals toward multiple legitimate users while scrambling the signal in all other directions...

On Secure UAV-Aided ISCC Systems

Integrated communication and sensing, which can make full use of the limited spectrum resources to perform communication and sensing tasks simultaneously, is an up-and-coming technology in wireless communication networks. In this work, we investigate the secrecy performance of an uncrewed aerial...

Optimizing System Latency for Blockchain-Encrypted Edge Computing in Internet of Vehicles

As Internet of Vehicles IoV technology continues to advance, edge computing has become an important tool for assisting vehicles in handling complex tasks. However, the process of offloading tasks to edge servers may expose vehicles to malicious external attacks, resulting in information loss or...

CVE-2025-38048

In the Linux kernel, the following vulnerability has been resolved: virtioring: Fix data race by tagging eventtriggered as racy for KCSAN syzbot reports a data-race when accessing the eventtriggered, here is the simplified stack when the issue occurred:...